Hiya
We have noticed users creating strava accounts with temporary email address providers
And then coming to our app
We cannot detect this behaviour in our app - so would kindly ask Strava to enhance its security on the use of temporary email addresses to create accounts
It would be good in the Athlete API response we could get the users email address also so we can check its domain
Thanks
How will you know they use temporary email accounts? As you said yourself the API doesn’t reveal that und it should stay that way. The OAuth process is there especially so the real login data keep secret.
True, but literally we are seeing many fake signups to our app that can only point to one thing - Strava account creation is easy to script
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
